Exch 2010sp1 Slow SMTP Queue Outbound
We are having problems with extremely slow delivery of email on our outbound SMTP delivery. We have the following setup.
3 HT/CAS servers with WNLB. All 3 have an outbound connector setup to point to Postini for email filtering. We have a TMG 2010 server between them and the internet. We seem to get inbound email quickly and all internal email is very fast.
Outbound sits in the queue for ever before being sent. It appears only 2 or 3 "active" connections per HT server at one time. This has only become a problem since moving to 2010 from 2003 and from ISA 06 to TMG 2010. I am not sure where the
setting might be to increase the connections allowed or if that is the problem. There are no errors reported it just seems to run slow. We do have TLS enabled if the other end can handle it. This is not a resource or bandwidth issue either.
I've gone through the connector setting and don't see anything restricting the number of connections. As an example it may take up to 20 minutes for an email to be delivered out of the queue and the queue only contains about 20 messages per server.
We have around 800 users so we are not talking about thousands of users. Any ideas?
Thanks in advance.
September 12th, 2011 7:30pm
You should not have many connections from your HT since you deliver mail to postini.
could it be that the shadow queue function trick you thinking mail delivery is slow?
http://technet.microsoft.com/en-us/library/dd351027.aspx
lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2011 8:49pm
I don't think that is the problem. There is only one queue that is filling up on each server and it is the outbound "smarthostconnectordelivery" to postini. Each message sits in these queues for up to 20 minutes before going out. No messages
in the queue have errors and everthing will go out it just takes a long time.
September 12th, 2011 9:33pm
what if you configure a HT to send directly to Internet (and allow it in FW), does it queue up anywhat or is mail delivered as expected?.
lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2011 9:59pm
Ok I removed the smarthost and all the DnsConnectorDelivery queue's fire up just fine. All of them can go to active and mail is delivering very rapidly. So is there something that throttles a smarthost to only deliver a few emails at a time
or a per queue max? I have never seen more than 2 active emails in the postini queue at one time.
September 12th, 2011 10:53pm
Have you taken a look at your smtp send connector logs? I would see if it's postini that's throttling back your connection, the logs will show that.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 12th, 2011 11:36pm
What should I be looking for in the logs? I see normal connection info. Would there be a pause or something?
September 12th, 2011 11:40pm
After more research and reading up on the postini docs, postini recommends not using a smarthost but use the private DNS method in the connector.
"Smarthost solutions for Microsoft Exchange can cause mail queueing delays.
Private Outbound DNS Service is designed to ease setup and prevent queueing
delays."
http://www.postini.com/webdocs/outbound/en/outbound_config_en.pdf
Here is a post as well from other users experiencing queuing and resolved using the private dns method.
Edge Transport queueing mail with status Ready, extremely slow delivery - help please!
http://social.technet.microsoft.com/Forums/en-US/exchangesvrtransport/thread/86380772-9f08-4c3b-a56d-70d92e945b39
Here is a post I found for a user explaning the behavior with postini
"Postini has problems taking delivery from an SMTP connector. They aren't actually doing store-and-forward-- they were acting more like a layer 7 proxy between the remote destination SMTP server and your sending SMTP server. If the remote SMTP server had
rejects a recipient, for example, Postini will return an error that puts the SMTP connector into retry state, "clogging up" the SMTP connector's queue. They haven't changed this behavior, so you're going to have to go thru stupid configuration tricks to route
around their brain-damage"
http://www.google.com/support/appsecurity/bin/answer.py?hl=en&answer=138629
In either case I would take the issue up with postini or do the private dns method since it's explictly mentioned as the preferred method on their doc.
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 13th, 2011 3:26am
Hi Carpadum
Any update for your issue, above gave some good information.
If you have other issue or question, please feel free let us know.
Regards!
Gavin
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if
a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 13th, 2011 12:52pm
Thanks for all the info. I read through the postini docs and decided to try the outside DNS method because we use opportunistic TLS which is not supported in SMTP Service on IIS
7.5. I configured all HT servers according to the documentation and had major problems.
One of the HT servers reported DNS lookup failures however the other one did not. I don't know how this could be
and after doing the "troubleshooting" steps to change to postini's DNS via nslookup I determined it was not a problem with the firewall. DNS was working, it just was not working in exchange. Also our DAG failed and we ended up with corruption in both database
servers.
An error occurred while trying to write to the cluster database. Error: ClusterRegBatchClose failed with error
1726.
From what I have found it appears this can happen when DNS is not properly setup. This was strange because we did
not change DNS on the mailbox servers. At this point the primary was in a failed state and the secondary reported dismounted. I'm not sure what happened but it took a mount-database -force to bring the failover dag back online. Then I had to promote
the primary back into active.
The concept of all of this makes sense but for some reason it did not work for us. We already had the inbound setup just like postini described, we only lacked the outbound outside
dns config. We only had one send connector (smarthost to postini) so all I did was change that after setting the postini dns server as an outside dns provider on each HT.
Could this be a bug? Does it not work with WNLB?
Free Windows Admin Tool Kit Click here and download it now
September 13th, 2011 10:15pm
How did you configure DNS on HUB servers?
DNS in Win should point to internal server maintaining zone for AD. Configure DNS server on HT server object to use an external server. On SMTP connector to internet, configure it to use external DNS lookup.
lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
September 13th, 2011 10:27pm
That is what I did. I changed the properties of the DNS in EMC not in networking.
Free Windows Admin Tool Kit Click here and download it now
September 13th, 2011 10:29pm
Do you allow both TCP and UDP to port 53 from HT servers to DNS server on Internet?
lasse at humandata dot se, http://anewmessagehasarrived.blogspot.com
September 13th, 2011 10:31pm
Need to test if nslookup on the failing box to see if postini is refusing lookups for that host.
nslookup
server (ip of the postini dns server)
google.com
Do you get query refused?
Do same test on working server.James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2011 12:00am
Hi Carpadum,
Per your description, the issue sounds odd.
I would suggest that you could open a ticket from MS, you will get more help from there.
I have run into the issue with a scenario that used exchange 2003 and used the postini as the the smarthost. The workaround is use other smarthost, and then to the postini.
The cause is that SMTP Connector expects a store & forward type smarthost (postini) for outboung mails, and the SMTP proxy function delays respond to SMTP command and results in subsequent
delay on following mails.
Regards!
Gavin
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contacttngfb@microsoft.com
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your
question. This can be beneficial to other community members reading the thread.
September 14th, 2011 6:01am
Yes DNS was working fine from all hosts (nslookup). Not a firewall issue. Using a smarthost is not an option for us because we use opertunistic TLS which is not supported on iis 7.5 smtp. I guess I will open a case with MS.
Free Windows Admin Tool Kit Click here and download it now
September 14th, 2011 5:37pm
Hi Carpadum,
If you have new update, please post here.
Thanks a lot.
Regards!
Gavin
TechNet Subscriber Support
in forum
If you have any feedback on our support, please contact
tngfb@microsoft.com
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if
a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
September 15th, 2011 10:03am